FreeBSD : xv -- exploitable buffer overflows (fffacc93-16cb-11d9-bc4a-000c41e2cdad)

high Nessus Plugin ID 37817

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

In a Bugtraq posting, infamous41md(at)hotpop.com reported:

There are at least 5 exploitable buffer and heap overflows in the image handling code. This allows someone to craft a malicious image, trick a user into viewing the file in xv, and upon viewing that image execute arbitrary code under the privileges of the user viewing the image.
Note the AT LEAST part of the above sentence. There is such a plethora of bad code that I just stopped reading after a while. There are at least 100 calls to sprintf() and strcpy() with no regard for the bounds of buffers. 95% of these deal with program arguments or filenames, so they are of no interest to exploit. However, I just got sick of reading this code after not too long, so I'm sure there are still other overflows in the image handling code for other image types.

The posting also included an exploit.
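The bug class the posting describes is a length or string taken from the image file and copied into a fixed-size buffer without a bounds check. The following C program is an added illustration of that pattern and its fix; it is not xv's code, not the exploit from the posting, and the "TIMG" header layout, the COMMENT_MAX size and the three sample files are all constructed for this example. The unsafe parser is kept only for contrast and is never run on the oversized sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy "image" header used only for this illustration:
 *   bytes 0-3  magic "TIMG"
 *   byte  4    N, length of the comment that follows
 *   bytes 5..  N comment bytes (not NUL-terminated in the file)
 * It is not the layout of any format xv actually parses. */
#define COMMENT_MAX 16

struct img_info {
    char comment[COMMENT_MAX];
    int  ok;
};

/* Vulnerable pattern: the attacker-controlled length byte decides how
 * much is copied into a fixed-size stack buffer, then strcpy() moves it
 * into another fixed buffer with no bounds check. N >= COMMENT_MAX
 * overflows `tmp` and `out->comment`. Intentionally unsafe; shown for
 * contrast and never called on the oversized sample below. */
int parse_comment_unsafe(const uint8_t *data, size_t len, struct img_info *out)
{
    if (len < 5 || memcmp(data, "TIMG", 4) != 0) return -1;
    size_t n = data[4];
    char tmp[COMMENT_MAX];
    memcpy(tmp, data + 5, n);   /* n never compared to COMMENT_MAX or len */
    tmp[n] = '\0';
    strcpy(out->comment, tmp);  /* unbounded copy */
    out->ok = 1;
    return 0;
}

/* Hardened version: every length read from the file is checked against
 * both the destination buffer and the bytes actually present. */
int parse_comment_safe(const uint8_t *data, size_t len, struct img_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 5 || memcmp(data, "TIMG", 4) != 0) return -1;
    size_t n = data[4];
    if (n >= COMMENT_MAX) return -2;  /* would not fit together with its NUL */
    if (n > len - 5)      return -3;  /* header claims more bytes than the file has */
    memcpy(out->comment, data + 5, n);
    out->comment[n] = '\0';
    out->ok = 1;
    return 0;
}

/* Constructed sample files: one well-formed, one with an oversized
 * comment length, one whose length field exceeds the file size. */
enum sample { SAMPLE_BENIGN, SAMPLE_OVERSIZED, SAMPLE_TRUNCATED };

size_t build_sample(enum sample s, uint8_t *buf, size_t cap)
{
    if (cap < 5 + 255) return 0;
    memcpy(buf, "TIMG", 4);
    switch (s) {
    case SAMPLE_BENIGN:    buf[4] = 5;   memcpy(buf + 5, "hello", 5); return 5 + 5;
    case SAMPLE_OVERSIZED: buf[4] = 255; memset(buf + 5, 'A', 255);   return 5 + 255;
    case SAMPLE_TRUNCATED: buf[4] = 10;  memcpy(buf + 5, "abc", 3);   return 5 + 3;
    }
    return 0;
}

/* Return code of the hardened parser on a sample. */
int safe_result(enum sample s)
{
    uint8_t file[512];
    struct img_info info;
    size_t len = build_sample(s, file, sizeof file);
    return parse_comment_safe(file, len, &info);
}

/* Comment the hardened parser extracted ("" when it rejected the file). */
const char *safe_comment(enum sample s)
{
    static struct img_info info;
    uint8_t file[512];
    size_t len = build_sample(s, file, sizeof file);
    return parse_comment_safe(file, len, &info) == 0 ? info.comment : "";
}

/* 1 if the unsafe parser would write past its buffers on this sample. */
int unsafe_would_overflow(enum sample s)
{
    uint8_t file[512];
    size_t len = build_sample(s, file, sizeof file);
    return len >= 5 && file[4] >= COMMENT_MAX;
}

int main(void)
{
    const char *names[] = { "benign", "oversized", "truncated" };
    for (int s = SAMPLE_BENIGN; s <= SAMPLE_TRUNCATED; s++)
        printf("%-9s safe rc=%d comment=\"%s\" unsafe-overflows=%d\n",
               names[s], safe_result(s), safe_comment(s), unsafe_would_overflow(s));
    return 0;
}
```

The hardened parser rejects the oversized sample (rc -2) and the truncated sample (rc -3) before touching any buffer, while the unsafe parser would copy 255 bytes into a 16-byte stack array on the oversized sample. The same two checks, length against destination and length against remaining input, are what each of the sprintf()/strcpy() sites the posting complains about lacks.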

Solution

Update the affected packages.

See Also

https://marc.info/?l=bugtraq&m=109302498125092

http://www.nessus.org/u?50cf4f48

Plugin Details

Severity: High

ID: 37817

File Name: freebsd_pkg_fffacc9316cb11d9bc4a000c41e2cdad.nasl

Version: 1.13

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xv, p-cpe:/a:freebsd:freebsd:xv-m17n, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/5/2004

Vulnerability Publication Date: 8/20/2004